Last week, Mr. Biden passed an executive order in an effort to force some of those changes to the pipeline industry, using the Transportation Safety Board’s oversight of the pipeline industry.
However, in the absence of comprehensive government mandates, cybersecurity practices are voluntary. As a result, many businesses and other organizations have, in effect, had to fend for themselves. And the latest ransomware attacks have shown the extent to which US cities, town governments, police departments and even one of the ferry routes between Cape Cod, Martha’s Vineyard and Nantucket have been unable to build adequate defenses.
For example, the latest attack against one of the world’s largest beef suppliers, JBS, was carried out by a Russian group called REvil, which has been wildly successful in breaking into companies in very simple ways. This group often gains access to large corporations through a combination of email phishing, in which it sends employees an email tricking them into entering a password or clicking on a malicious link, and exploiting the company’s slowness to patch software.
REvil cybercriminals will often find and exploit vulnerable computer servers or break in through a well-known vulnerability in Pulse Secure appliances, known as VPNs, or virtual private networks, which companies use to protect their data. This vulnerability was discovered a year ago after a series of cyber attacks by Chinese hackers.
A year later, however, many companies are still neglecting to apply the patch, essentially leaving an open window into their systems.
In the White House memo, titled “What We Urge You To Do Now,” Ms. Neuberger asked businesses to focus on the basics. One step is multi-factor authentication, a process that forces employees to enter a second password, a disposable password from their phone, or a security token, when they log in from an unrecognized device.
The memo encourages them to regularly back up their data and keep those backup systems separate from the rest of the network so that cybercriminals can’t easily find them. It calls on companies to hire outside firms to perform “penetration tests,” essentially dry runs that simulate an attack on a company’s systems, to find vulnerabilities. And Ms. Neuberger asked them to think in advance about how they would react if their network were taken hostage with ransomware.